Change Your Twitter Password Right Now

04 May Change Your Twitter Password Right Now

One of the most important things any user should know how to do on their account is change their password, in case of update requests or security issues. This article on how to change your Twitter password comes from Wired.

Change Your Twitter Password Right Now

Twitter has begun notifying both mobile and desktop users to change their passwords, but several people have reported errors and lags, presumably because everyone is trying to make account changes at once (which is good!).

Companies generally protect user passwords by scrambling them in a cryptographic process known as hashing. As Agrawal explained, Twitter does this, too, using a well-regarded hash function called bcrypt. But a bug caused Twitter to accidentally store passwords unprotected in some type of internal log before its password management system finished hashing them. The system would then complete the hash, and everything would look fine, even though the passwords were readable in the log. While it’s great that Twitter eventually realized the situation and is taking steps to ensure that it never happens again, it’s disconcerting that such a fundamental flaw in a crucial user protection existed in the first place.

“I’m sorry that this happened,” Agrawal wrote on Twitter after posting the announcement. “We are sharing this information to help people make an informed decision about their account security. We didn’t have to, but believe it’s the right thing to do.” The disclosure came on World Password Day.

It’s true that Twitter could have simply implemented remediations and hoped for the best, but its users deserve to know if and when their passwords have been exposed—especially because it’s always possible that the data actually was improperly accessed. And the company could have gone even farther with its disclosure. “We ask that you consider changing your password on all services where you’ve used this password,” Agrawal wrote in the statement. Instead of making it optional, Twitter could have forced all of its users to change their passwords to guarantee their security.

How to Change Your Password on Twitter

To do just that for your own account, navigate to Settings and privacy > Password. Enter your current password and then pick a new one. And if you used your old Twitter password for any other accounts, you should change those, too.